Saturday, November 3, 2012

Sysax FTP Automation Server <= 5.33 has a privilege escalation vulnerability. By default, the "Sysax Scheduler" service runs as SYSTEM. The problem is that you can point the scheduler at any file you want, and it will be executed as SYSTEM. Not much to this one; here is an example of exploitation: